CVE-2024-53110

vp_vdpa: fix id_table array not null terminated error

Description

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657 patch
https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae patch
https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615 patch
https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947 patch

Frequently Asked Questions

What is the severity of CVE-2024-53110?
CVE-2024-53110 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53110?
To fix CVE-2024-53110, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53110 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53110 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53110?
CVE-2024-53110 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.